package org.spongycastle.tsp;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Collection;
import java.util.Date;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.cms.Attribute;
import org.spongycastle.asn1.cms.AttributeTable;
import org.spongycastle.asn1.cms.ContentInfo;
import org.spongycastle.asn1.cms.IssuerAndSerialNumber;
import org.spongycastle.asn1.ess.ESSCertID;
import org.spongycastle.asn1.ess.ESSCertIDv2;
import org.spongycastle.asn1.ess.SigningCertificate;
import org.spongycastle.asn1.ess.SigningCertificateV2;
import org.spongycastle.asn1.nist.NISTObjectIdentifiers;
import org.spongycastle.asn1.oiw.OIWObjectIdentifiers;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.tsp.TSTInfo;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.IssuerSerial;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSException;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.cms.CMSTypedData;
import org.spongycastle.cms.SignerId;
import org.spongycastle.cms.SignerInformation;
import org.spongycastle.cms.SignerInformationVerifier;
import org.spongycastle.operator.DigestCalculator;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.Store;

/* loaded from: classes2.dex */
public class TimeStampToken {
    CMSSignedData a;
    SignerInformation b;
    Date c;
    TimeStampTokenInfo d;
    CertID e;

    /* loaded from: classes2.dex */
    private class CertID {
        private ESSCertID b;
        private ESSCertIDv2 c;

        CertID(ESSCertID eSSCertID) {
            this.b = eSSCertID;
            this.c = null;
        }

        CertID(ESSCertIDv2 eSSCertIDv2) {
            this.c = eSSCertIDv2;
            this.b = null;
        }

        public String a() {
            return this.b != null ? "SHA-1" : NISTObjectIdentifiers.c.equals(this.c.a().a()) ? "SHA-256" : this.c.a().a().b();
        }

        public AlgorithmIdentifier b() {
            return this.b != null ? new AlgorithmIdentifier(OIWObjectIdentifiers.i) : this.c.a();
        }

        public byte[] c() {
            return this.b != null ? this.b.a() : this.c.b();
        }

        public IssuerSerial d() {
            return this.b != null ? this.b.b() : this.c.c();
        }
    }

    public TimeStampToken(ContentInfo contentInfo) throws TSPException, IOException {
        this(a(contentInfo));
    }

    public TimeStampToken(CMSSignedData cMSSignedData) throws TSPException, IOException {
        this.a = cMSSignedData;
        if (!this.a.i().equals(PKCSObjectIdentifiers.aw.b())) {
            throw new TSPValidationException("ContentInfo object not for a time stamp.");
        }
        Collection<SignerInformation> b = this.a.b().b();
        if (b.size() != 1) {
            throw new IllegalArgumentException("Time-stamp token signed by " + b.size() + " signers, but it must contain just the TSA signature.");
        }
        this.b = b.iterator().next();
        try {
            CMSTypedData j = this.a.j();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            j.a(byteArrayOutputStream);
            this.d = new TimeStampTokenInfo(TSTInfo.a(new ASN1InputStream(new ByteArrayInputStream(byteArrayOutputStream.toByteArray())).d()));
            Attribute a = this.b.k().a(PKCSObjectIdentifiers.aQ);
            if (a != null) {
                this.e = new CertID(ESSCertID.a(SigningCertificate.a(a.b().a(0)).a()[0]));
                return;
            }
            Attribute a2 = this.b.k().a(PKCSObjectIdentifiers.aR);
            if (a2 == null) {
                throw new TSPValidationException("no signing certificate attribute found, time stamp invalid.");
            }
            this.e = new CertID(ESSCertIDv2.a(SigningCertificateV2.a(a2.b().a(0)).a()[0]));
        } catch (CMSException e) {
            throw new TSPException(e.getMessage(), e.a());
        }
    }

    private static CMSSignedData a(ContentInfo contentInfo) throws TSPException {
        try {
            return new CMSSignedData(contentInfo);
        } catch (CMSException e) {
            throw new TSPException("TSP parsing error: " + e.getMessage(), e.getCause());
        }
    }

    public TimeStampTokenInfo a() {
        return this.d;
    }

    public void a(SignerInformationVerifier signerInformationVerifier) throws TSPException, TSPValidationException {
        boolean z = false;
        if (!signerInformationVerifier.a()) {
            throw new IllegalArgumentException("verifier provider needs an associated certificate");
        }
        try {
            X509CertificateHolder b = signerInformationVerifier.b();
            DigestCalculator a = signerInformationVerifier.a(this.e.b());
            OutputStream b2 = a.b();
            b2.write(b.l());
            b2.close();
            if (!Arrays.b(this.e.c(), a.c())) {
                throw new TSPValidationException("certificate hash does not match certID hash.");
            }
            if (this.e.d() != null) {
                IssuerAndSerialNumber issuerAndSerialNumber = new IssuerAndSerialNumber(b.o());
                if (!this.e.d().b().equals(issuerAndSerialNumber.b())) {
                    throw new TSPValidationException("certificate serial number does not match certID for signature.");
                }
                GeneralName[] a2 = this.e.d().a().a();
                int i = 0;
                while (true) {
                    if (i != a2.length) {
                        if (a2[i].a() == 4 && X500Name.a(a2[i].b()).equals(X500Name.a(issuerAndSerialNumber.a()))) {
                            z = true;
                            break;
                        }
                        i++;
                    } else {
                        break;
                    }
                }
                if (!z) {
                    throw new TSPValidationException("certificate name does not match certID for signature. ");
                }
            }
            TSPUtil.a(b);
            if (!b.a(this.d.c())) {
                throw new TSPValidationException("certificate not valid when time stamp created.");
            }
            if (!this.b.a(signerInformationVerifier)) {
                throw new TSPValidationException("signature not created by certificate.");
            }
        } catch (IOException e) {
            throw new TSPException("problem processing certificate: " + e, e);
        } catch (CMSException e2) {
            if (e2.a() == null) {
                throw new TSPException("CMS exception: " + e2, e2);
            }
            throw new TSPException(e2.getMessage(), e2.a());
        } catch (OperatorCreationException e3) {
            throw new TSPException("unable to create digest: " + e3.getMessage(), e3);
        }
    }

    public SignerId b() {
        return this.b.c();
    }

    public boolean b(SignerInformationVerifier signerInformationVerifier) throws TSPException {
        try {
            return this.b.a(signerInformationVerifier);
        } catch (CMSException e) {
            if (e.a() != null) {
                throw new TSPException(e.getMessage(), e.a());
            }
            throw new TSPException("CMS exception: " + e, e);
        }
    }

    public AttributeTable c() {
        return this.b.k();
    }

    public AttributeTable d() {
        return this.b.l();
    }

    public Store e() {
        return this.a.e();
    }

    public Store f() {
        return this.a.f();
    }

    public Store g() {
        return this.a.g();
    }

    public CMSSignedData h() {
        return this.a;
    }

    public byte[] i() throws IOException {
        return this.a.l();
    }
}
